tags:

views:

648

answers:

3
+1  Q: 

Why does wcf web service hosted in iis over ssl. result in "403 forbidden"? Jquery $.post sends OPTIONS verb?

I have a WCF Webservice hosted in IIS. It uses a webHttpBinding. There are WebInvoke attributes on the methods so that they can be access REST style. I can successfully use them like so: http://mydomain.com/MyService.svc/some/rest/style/thing and POST to that the arguments to the web service.

Now I want to change this to HTTPS over a nonstandard port 7777. I configured IIS correctly, got the cert and everything. I can access html pages over https://mydomain.com:7777. I added a modified the webhttpbinding to add a security node like so:

<security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
</security>

I also changed my behavior's servicemetadata node and removed httpGetEnabled='true' and added httpsGetEnabled='true'

I can access https://mydomain.com:7777/MyService.svc and get a screen of info.

I can access https://mydomain.com:7777/MyService.svc/some/rest/style/thing using http get and i get a "Method not allowed" message.

BUT If I try to access https://mydomain.com:7777/MyService.svc/some/rest/style/thing with a POST I get a 403 forbidden

update some more info

I'm narrowing down the problem

I am using jQuery and accessing the webservice via a $.post("http://mydomain.com/.....". "data", callback, "json")..that worked now I am doing $.post("https://mydomain.com:7777/.....". "data", callback, "json")..and that gives me a 403...using firebug I see instead of sending a POST, it is sending OPTIONS initially..and that is what is giving the 403

this might be a jquery problem

A: 

You need to run httpcfg to get IIS to listen for SSL traffic on a non standard port.

Shiraz Bhaiji  2009-09-25 18:52:04
actually I have IIS listening just fine..it turned out to be more of a jquery issue..why it sends an OPTIONS verb instead of a POST verb when doing cross domain POST's
puffpio  2009-09-27 20:07:56
A: 

JQuery $.ajax, $.get, $.post calls dont allow cross-domain calls. When you do make one, it sends OPTIONS verb instead of the POST verb, though the request method is POST.

Other work around could be creating another sub-domain which points to IP address of the URL you want to actually invoke.

Ajaxe  2009-10-25 17:11:49
A: 

Puffpio:

Please check to ensure that you're appending the "callback=?" parameter to your request URI. Then you should be seeing the GET verb in your request header.

From the jQuery documentation page:

The callback takes the form "example.com?callback=?". jQuery automatically replaces the '?' with a random method name that doesn't clash with the global scope. You do not have to specify the method name yourself.

Hope this helps,

Michael Ibarra

Michael Ibarra  2010-01-06 21:33:10

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?